Description:
------------
SECURITY ALERT:
Related to: http://bugs.php.net/bug.php?id=28729http://bugs.php.net/bug.php?id=27110
(First the rant) This isn't the same bug... and to be honest I'm getting quite pissed at the amount of times a bug is reported only to be closed as Bogus because dev can't be arsed to look into it. This just results in people not bothering to report bugs.
In this case, the auto_prepend_file and auto_append_file values are not reset between requests. Thus one change in a .htaccess file results in the change lingering on for the next request (perhaps even on a different vhost).
This could be a very nasty security issue because it lets me, in a web hotel, insert code into other people websites, such as emailing me $GLOBALS so I could extract credit card details, etc.
I believe the fix is in main/main.c (in 5.0.3) in php_module_startup() to add:
PG(auto_prepend_file) = NULL;
PG(auto_append_file) = NULL;
The same will be the case in the 4.x tree.
The same should be true for other "leaking" values.
As a workaround setting the Apache MaxRequests to 1 will result in a fresh apache and as a result a fresh php. The hit is poor performance.

So have you actually verified that this happens with Apache1+PHP4.x? I'll test other versions as well, but I just tested that combination and auto_prepend_file is getting reset correctly there. If it only happens on certain server versions or certain PHP versions, please provide those versions so we have a chance to verify this.

[2005-02-08 23:31 UTC] phpbugrep-20050204 at pgregg dot com

Hi Rasmus,
After some more research we believe this is a duplicate of http://bugs.php.net/bug.php?id=25753 as this issue is not apparent beyond 4.3.3
Many thanks for your attention on this,
Paul.